A
study has shown that malicious threats using SSL encryption are
on the rise in 2017. According to the study, an average of 60
percent of the transactions in the Zscaler cloud have been
delivered over SSL/TLS. Researchers also found that the Zscaler
cloud saw an average of 8.4 million SSL/TLS-based security
blocks per day this year.

“Hackers are increasingly using SSL to conceal device
infections, shroud data exfiltration and hide botnet command and
control communications. In fact, our study found that the amount
of phishing attempts per day delivered over SSL/TLS has
increased 400 percent from 2016,” said Deepen Desai, senior
director, security research and operations. “SSL inspection is a
necessity in ensuring the security of network traffic in the
enterprise. Zscaler sits between users and the internet,
inspecting every byte of traffic, including encrypted traffic,
so we can catch hidden threats before they get into the
network.”

ThreatLabZ researchers also identified new malicious payload
distributions, based off unique payloads hitting the Zscaler
Cloud Sandbox, leveraging SSL/TLS for command and control (C&C)
activity. Banking Trojans comprised 60 percent of the payloads,
including families like Dridex, Zbot, Vawtrak and Trickbot,
while 25 percent were comprised of multiple ransomware families.
Less popular payloads included Infostealer Trojan families and
other miscellaneous families.

Additional findings include:

•The
amount of malicious content being delivered over SSL/TLS has
more than doubled in the last six months.

•The Zscaler cloud blocked an average of 12,000 phishing
attempts per day delivered over SSL/TLS—an increase of 400
percent from 2016.